f41d4d72de
It only accesses already-open file handles since b/67111829, so has no need for any access to the directories, not even search access. Fixes: 161960094 Bug: 141677108 Test: boot, install app Test: cmd package force-dex-opt <package> Test: cmd package bg-dexopt-job Test: No denials seen. Change-Id: I23dca1f038351be759dd16dff18d16d158604c3c
30 lines
781 B
Text
30 lines
781 B
Text
# MLS override can't be used to access private app data.
|
|
|
|
# Apps should not normally be mlstrustedsubject, but if they must be
|
|
# they cannot use this to access app private data files; their own app
|
|
# data files must use a different label.
|
|
|
|
neverallow {
|
|
mlstrustedsubject
|
|
-installd
|
|
-iorap_prefetcherd
|
|
-iorap_inode2filename
|
|
} { app_data_file privapp_data_file }:file ~{ read write map getattr ioctl lock append };
|
|
|
|
neverallow {
|
|
mlstrustedsubject
|
|
-installd
|
|
-iorap_prefetcherd
|
|
-iorap_inode2filename
|
|
} { app_data_file privapp_data_file }:dir ~{ read getattr search };
|
|
|
|
neverallow {
|
|
mlstrustedsubject
|
|
-installd
|
|
-iorap_prefetcherd
|
|
-iorap_inode2filename
|
|
-system_server
|
|
-adbd
|
|
-runas
|
|
-zygote
|
|
} { app_data_file privapp_data_file }:dir { read getattr search };
|